8.2.4 Create and Set Permissions on rsyslog Log Files - created

Information

A log file must already exist for rsyslog to be able to write to it. It is important to ensure that log files exist and have the correct permissions to ensure that sensitive rsyslog data is archived and protected.

Solution

For sites that have not implemented a secure admin group- Create the /var/log/ directory and for each <logfile> listed in the /etc/rsyslog.conf or /etc/rsyslog.d/* files, perform the following commands- # touch <logfile> # chown root-root <logfile> # chmod og-rwx <logfile> For sites that have implemented a secure admin group- Create the /var/log/ directory and for each <logfile> listed in the /etc/rsyslog.conf file, perform the following commands (where is the name of the security group)- # touch <logfile> # chown root-<securegrp> <logfile> # chmod g-wx,o-rwx<logfile>

See Also

https://workbench.cisecurity.org/files/85

Item Details

Category: AUDIT AND ACCOUNTABILITY

References: 800-53|AU-12c.

Plugin: Unix

Control ID: e7e67cf03ca7c4f96e39d12fc8464a18e5e0f6cf22d10bfe11a6242a9956fedc